SSL Server Test: www.bceao.int (Powered by Qualys SSL Labs)

SSL Report: www.bceao.int (64.22.104.14)

Assessed on: Thu, 16 Oct 2025 07:10:15 UTC | Clear cache

Due to a recently discovered bug in Apple's code, your browser is exposed to MITM attacks. Click here for more information.

Summary

Overall Rating

100

Certificate

Protocol Support

Key Exchange

Cipher Strength

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.

This server's certificate chain is incomplete. Grade capped to B.

This server supports TLS 1.0 and TLS 1.1. Grade capped to B. MORE INFO »

This server does not support TLS 1.3. MORE INFO »

Certificate #1: RSA 2048 bits (SHA256withRSA)

Server Key and Certificate #1
Subject	*.bceao.int Fingerprint SHA256: 6292cfa9890c3a09aff3a6299a8d5cad102d464b082f8721485e440107b49e44 Pin SHA256: o1hjMGLMtef6fyYMqi7kfOQTH836eVIuHz8jwy112wg=
Common names	*.bceao.int
Alternative names	.bceao.int bceao.int .dev.bceao.int dev.bceao.int .recette.bceao.int recette.bceao.int .test.bceao.int test.bceao.int
Serial Number	09a38b71dbb3fce9e439d99270580bb1
Valid from	Thu, 11 Sep 2025 00:00:00 UTC
Valid until	Thu, 10 Sep 2026 23:59:59 UTC (expires in 10 months and 25 days)
Key	RSA 2048 bits (e 65537)
Weak key (Debian)	No
Issuer	Thawte TLS RSA CA G1 AIA: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt
Signature algorithm	SHA256withRSA
Extended Validation	No
Certificate Transparency	Yes (certificate)
OCSP Must Staple	No
Revocation information	CRL, OCSP CRL: http://cdp.thawte.com/ThawteTLSRSACAG1.crl OCSP: http://status.thawte.com
Revocation status	Good (not revoked)
DNS CAA	No (more info)
Trusted	Yes Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	1 (1744 bytes)
Chain issues	Incomplete

Certification Paths


Path #1: Trusted
1	Sent by server	*.bceao.int Fingerprint SHA256: 6292cfa9890c3a09aff3a6299a8d5cad102d464b082f8721485e440107b49e44 Pin SHA256: o1hjMGLMtef6fyYMqi7kfOQTH836eVIuHz8jwy112wg= RSA 2048 bits (e 65537) / SHA256withRSA
2	Extra download	Thawte TLS RSA CA G1 Fingerprint SHA256: 4bcc5e234fe81ede4eaf883aa19c31335b0b26e85e066b9945e4cb6153eb20c2 Pin SHA256: 42b9RNOnyb3tlC0KYtNPA3KKpJluskyU6aG+CipUmaM= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	*.bceao.int Fingerprint SHA256: 6292cfa9890c3a09aff3a6299a8d5cad102d464b082f8721485e440107b49e44 Pin SHA256: o1hjMGLMtef6fyYMqi7kfOQTH836eVIuHz8jwy112wg= RSA 2048 bits (e 65537) / SHA256withRSA
2	Extra download	Thawte TLS RSA CA G1 Fingerprint SHA256: 4bcc5e234fe81ede4eaf883aa19c31335b0b26e85e066b9945e4cb6153eb20c2 Pin SHA256: 42b9RNOnyb3tlC0KYtNPA3KKpJluskyU6aG+CipUmaM= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	*.bceao.int Fingerprint SHA256: 6292cfa9890c3a09aff3a6299a8d5cad102d464b082f8721485e440107b49e44 Pin SHA256: o1hjMGLMtef6fyYMqi7kfOQTH836eVIuHz8jwy112wg= RSA 2048 bits (e 65537) / SHA256withRSA
2	Extra download	Thawte TLS RSA CA G1 Fingerprint SHA256: 4bcc5e234fe81ede4eaf883aa19c31335b0b26e85e066b9945e4cb6153eb20c2 Pin SHA256: 42b9RNOnyb3tlC0KYtNPA3KKpJluskyU6aG+CipUmaM= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	*.bceao.int Fingerprint SHA256: 6292cfa9890c3a09aff3a6299a8d5cad102d464b082f8721485e440107b49e44 Pin SHA256: o1hjMGLMtef6fyYMqi7kfOQTH836eVIuHz8jwy112wg= RSA 2048 bits (e 65537) / SHA256withRSA
2	Extra download	Thawte TLS RSA CA G1 Fingerprint SHA256: 4bcc5e234fe81ede4eaf883aa19c31335b0b26e85e066b9945e4cb6153eb20c2 Pin SHA256: 42b9RNOnyb3tlC0KYtNPA3KKpJluskyU6aG+CipUmaM= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	*.bceao.int Fingerprint SHA256: 6292cfa9890c3a09aff3a6299a8d5cad102d464b082f8721485e440107b49e44 Pin SHA256: o1hjMGLMtef6fyYMqi7kfOQTH836eVIuHz8jwy112wg= RSA 2048 bits (e 65537) / SHA256withRSA
2	Extra download	Thawte TLS RSA CA G1 Fingerprint SHA256: 4bcc5e234fe81ede4eaf883aa19c31335b0b26e85e066b9945e4cb6153eb20c2 Pin SHA256: 42b9RNOnyb3tlC0KYtNPA3KKpJluskyU6aG+CipUmaM= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA

Click here to expand

Configuration

Protocols
TLS 1.3	No
TLS 1.2	Yes
TLS 1.1	Yes
TLS 1.0	Yes
SSL 3	No
SSL 2	No

Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (`0xc030`) ECDH x25519 (eq. 3072 bits RSA) FS	256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (`0xcca8`) ECDH x25519 (eq. 3072 bits RSA) FS	256
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (`0xc061`) ECDH x25519 (eq. 3072 bits RSA) FS	256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (`0xc02f`) ECDH x25519 (eq. 3072 bits RSA) FS	128
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (`0xc060`) ECDH x25519 (eq. 3072 bits RSA) FS	128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (`0xc028`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	256
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (`0xc077`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (`0xc027`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	128
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (`0xc076`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (`0xc014`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (`0xc013`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	128
TLS_RSA_WITH_AES_256_GCM_SHA384 (`0x9d`) WEAK	256
TLS_RSA_WITH_AES_256_CCM_8 (`0xc0a1`) WEAK	256
TLS_RSA_WITH_AES_256_CCM (`0xc09d`) WEAK	256
TLS_RSA_WITH_ARIA_256_GCM_SHA384 (`0xc051`) WEAK	256
TLS_RSA_WITH_AES_128_GCM_SHA256 (`0x9c`) WEAK	128
TLS_RSA_WITH_AES_128_CCM_8 (`0xc0a0`) WEAK	128
TLS_RSA_WITH_AES_128_CCM (`0xc09c`) WEAK	128
TLS_RSA_WITH_ARIA_128_GCM_SHA256 (`0xc050`) WEAK	128
TLS_RSA_WITH_AES_256_CBC_SHA256 (`0x3d`) WEAK	256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (`0xc0`) WEAK	256
TLS_RSA_WITH_AES_128_CBC_SHA256 (`0x3c`) WEAK	128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (`0xba`) WEAK	128
TLS_RSA_WITH_AES_256_CBC_SHA (`0x35`) WEAK	256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (`0x84`) WEAK	256
TLS_RSA_WITH_AES_128_CBC_SHA (`0x2f`) WEAK	128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (`0x41`) WEAK	128
# TLS 1.1 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (`0xc014`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (`0xc013`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	128
TLS_RSA_WITH_AES_256_CBC_SHA (`0x35`) WEAK	256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (`0x84`) WEAK	256
TLS_RSA_WITH_AES_128_CBC_SHA (`0x2f`) WEAK	128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (`0x41`) WEAK	128
# TLS 1.0 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (`0xc014`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (`0xc013`) ECDH x25519 (eq. 3072 bits RSA) FS WEAK	128
TLS_RSA_WITH_AES_256_CBC_SHA (`0x35`) WEAK	256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (`0x84`) WEAK	256
TLS_RSA_WITH_AES_128_CBC_SHA (`0x2f`) WEAK	128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (`0x41`) WEAK	128

Handshake Simulation
Android 2.3.7 No SNI ²	RSA 2048 (SHA256)	TLS 1.0	TLS_RSA_WITH_AES_128_CBC_SHA No FS
Android 4.0.4	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Android 4.1.1	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Android 4.2.2	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Android 4.3	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Android 4.4.2	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Android 5.0.0	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 6.0	RSA 2048 (SHA256)	TLS 1.2 > http/1.1	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 7.0	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Android 8.0	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Android 8.1	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Android 9.0	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Baidu Jan 2015	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
BingPreview Jan 2015	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Chrome 49 / XP SP3	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS
Chrome 69 / Win 7 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Chrome 70 / Win 10	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Chrome 80 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Firefox 31.3.0 ESR / Win 7	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 47 / Win 7 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS
Firefox 49 / XP SP3	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Firefox 62 / Win 7 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Firefox 73 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Googlebot Feb 2018	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
IE 7 / Vista	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
IE 8 / XP No FS ¹ No SNI ²	Server sent fatal alert: handshake_failure
IE 8-10 / Win 7 R	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
IE 11 / Win 7 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
IE 11 / Win 8.1 R	RSA 2048 (SHA256)	TLS 1.2 > http/1.1	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
IE 10 / Win Phone 8.0	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
IE 11 / Win Phone 8.1 R	RSA 2048 (SHA256)	TLS 1.2 > http/1.1	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 Update R	RSA 2048 (SHA256)	TLS 1.2 > http/1.1	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
IE 11 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 15 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Edge 16 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Edge 18 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Edge 13 / Win Phone 10 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 6u45 No SNI ²	RSA 2048 (SHA256)	TLS 1.0	TLS_RSA_WITH_AES_128_CBC_SHA No FS
Java 7u25	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH secp256r1 FS
Java 8u161	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 11.0.3	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 12.0.1	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 0.9.8y	RSA 2048 (SHA256)	TLS 1.0	TLS_RSA_WITH_AES_256_CBC_SHA No FS
OpenSSL 1.0.1l R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.0.2s R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.1.0k R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
OpenSSL 1.1.1c R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Safari 5.1.9 / OS X 10.6.8	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Safari 6 / iOS 6.0.1	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 6.0.4 / OS X 10.8.4 R	RSA 2048 (SHA256)	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Safari 7 / iOS 7.1 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 7 / OS X 10.9 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 8 / iOS 8.4 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 8 / OS X 10.10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 9 / iOS 9 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 9 / OS X 10.11 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 10 / iOS 10 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 10 / OS X 10.12 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 12.1.2 / MacOS 10.14.6 Beta R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Safari 12.1.1 / iOS 12.3.1 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS
Apple ATS 9 / iOS 9 R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Yahoo Slurp Jan 2015	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
YandexBot Jan 2015	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
# Not simulated clients (Protocol mismatch)
IE 6 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
Click here to expand
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Protocol Details
Secure Renegotiation	Supported
Secure Client-Initiated Renegotiation	No
Insecure Client-Initiated Renegotiation	No
BEAST attack	Not mitigated server-side (more info) TLS 1.0: `0xc014`
POODLE (SSLv3)	No, SSL 3 not supported (more info)
POODLE (TLS)	No (more info)
Zombie POODLE	No (more info) TLS 1.2 : `0xc027`
GOLDENDOODLE	No (more info) TLS 1.2 : `0xc027`
OpenSSL 0-Length	No (more info) TLS 1.2 : `0xc027`
Sleeping POODLE	No (more info) TLS 1.2 : `0xc027`
Downgrade attack prevention	Yes, TLS_FALLBACK_SCSV supported (more info)
SSL/TLS compression	No
RC4	No
Heartbeat (extension)	No
Heartbleed (vulnerability)	No (more info)
Ticketbleed (vulnerability)	No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)	No (more info)
OpenSSL Padding Oracle vuln. (CVE-2016-2107)	No (more info)
ROBOT (vulnerability)	No (more info)
Forward Secrecy	With modern browsers (more info)
ALPN	Yes h2 http/1.1
NPN	Yes h2 http/1.1
Session resumption (caching)	Yes
Session resumption (tickets)	Yes
OCSP stapling	No
Strict Transport Security (HSTS)	No
HSTS Preloading	Not in: Chrome Edge Firefox IE
Public Key Pinning (HPKP)	No (more info)
Public Key Pinning Report-Only	No
Public Key Pinning (Static)	No (more info)
Long handshake intolerance	No
TLS extension intolerance	No
TLS version intolerance	No
Incorrect SNI alerts	No
Uses common DH primes	No, DHE suites not supported
DH public server param (Ys) reuse	No, DHE suites not supported
ECDH public server param reuse	No
Supported Named Groups	x25519, secp256r1, x448, secp521r1, secp384r1 (server preferred order)
SSL 2 handshake compatibility	Yes

HTTP Requests

1 https://www.bceao.int/ (HTTP/1.1 200 OK)
1
	Server	nginx/1.20.1
	Content-Type	text/html; charset=UTF-8
	Transfer-Encoding	chunked
	Connection	close
	Cache-Control	max-age=1800, public
	Date	Wed, 15 Oct 2025 17:35:24 GMT
	X-Drupal-Dynamic-Cache	MISS
	Link	<https://www.bceao.int/fr>; rel="canonical", <https://www.bceao.int/fr>; rel="shortlink"
	X-UA-Compatible	IE=edge
	Content-language	fr
	X-Content-Type-Options	nosniff
	X-Frame-Options	SAMEORIGIN
	X-Drupal-Cache-Tags	block_content:1 block_content:10 block_content:11 block_content:12 block_content:13 block_content:15 block_content:16 block_content:17 block_content:18 block_content:19 block_content:2 block_content:23 block_content:24 block_content:25 block_content:26 block_content:27 block_content:28 block_content:29 block_content:3 block_content:36 block_content:37 block_content:4 block_content:42 block_content:43 block_content:45 block_content:46 block_content:47 block_content:49 block_content:5 block_content:50 block_content:51 block_content:53 block_content:6 block_content:66 block_content:68 block_content:69 block_content:7 block_content:70 block_content:71 block_content:72 block_content:73 block_content:74 block_content:79 block_content:8 block_content:80 block_content:81 block_content:9 block_content:98 block_content_view block_view config:block.block.accesrapide config:block.block.addtoanybuttons config:block.block.addtoanybuttons_2 config:block.block.albumcpmdecembre2018 config:block.block.application config:block.block.articleslies config:block.block.autrespublications config:block.block.autrespublications_2 config:block.block.banknotesandcoins config:block.block.bannerright config:block.block.bceaoannualreport config:block.block.bloc_billetpice_right config:block.block.bloc_right_edition2018_prix config:block.block.bloc_right_stat config:block.block.bloc_toutes_publications config:block.block.blocdevise config:block.block.blocdevise_2 config:block.block.blocktabshometabs1 config:block.block.blocktabshometabs1_2 config:block.block.blocktabshometabs2 config:block.block.blocktabshometabsen config:block.block.blocktype1 config:block.block.blocktype2 config:block.block.blocktype3 config:block.block.blocmenustatistique config:block.block.blocmenustatistique_2 config:block.block.bouton config:block.block.brokenmissing config:block.block.candidaturesinternes config:block.block.cofeb config:block.block.cofebdocright config:block.block.companyperformance config:block.block.companyperformance2525 config:block.block.conferencesurlia config:block.block.consultezaussi config:block.block.contactgris config:block.block.contactopenclose config:block.block.conventionregissantlacommissionbancairedelumoa config:block.block.coursdesdevisescontrefranccfa config:block.block.coursdesdevisescontrefranccfa_2 config:block.block.customjs config:block.block.decouvrezaussi config:block.block.decouvrezlesaccesrapides config:block.block.devise config:block.block.devise2 config:block.block.documentacaorelativaaopremio config:block.block.documentationrelativeauprix config:block.block.documentsutilesdelaformation config:block.block.educationfinanciere config:block.block.educationfinanciere_2 config:block.block.emissionmonetaire config:block.block.etablissementsdecredit config:block.block.etudesetrecherches config:block.block.etudesetrecherches_2 config:block.block.etudesetrecherches_3 config:block.block.exposedformsearch_bceaopage_1 config:block.block.exposedformsearch_bceaopage_1_2 config:block.block.facetbceaocontenttype config:block.block.faq_bic config:block.block.faq_fintech config:block.block.faq_inclusion config:block.block.faq_prix config:block.block.faqtext config:block.block.faqtext_2 config:block.block.footercopyright config:block.block.footeren config:block.block.formulairespourlesprofessionnels config:block.block.galerieconference config:block.block.galerieconference_2 config:block.block.galeriephotoconferenceinternationale config:block.block.inclusion_financiere_salon config:block.block.inscription_prix config:block.block.interventiontiemoko config:block.block.interventiontiemoko_2 config:block.block.interventiontiemokoindex config:block.block.lacommissionbancaire config:block.block.languageswitchercontent config:block.block.lesorganesdelabceao config:block.block.lesorganesquiassurentlefonctionnementdelumoa config:block.block.lesorganesquiassurentlefonctionnementdelumoasont config:block.block.liensutiles config:block.block.linksaccesrapide config:block.block.mainnavigation config:block.block.mainnavigationen config:block.block.marchedestitrespublicsetprivesemisparappelpublic config:block.block.marchemonetaire config:block.block.marchespublicsachats config:block.block.medianet_account_menu config:block.block.medianet_branding config:block.block.medianet_breadcrumbs config:block.block.medianet_content config:block.block.medianet_footer config:block.block.medianet_help config:block.block.medianet_local_actions config:block.block.medianet_local_tasks config:block.block.medianet_main_menu config:block.block.medianet_messages config:block.block.medianet_powered config:block.block.medianet_search config:block.block.medianet_tools config:block.block.menu1bloc config:block.block.menu1bloc2 config:block.block.menu_bceao config:block.block.menu_billet_right config:block.block.menu_billetetpiece config:block.block.menu_politiquemonetaire config:block.block.menu_stabilitefinanciere config:block.block.menutop config:block.block.menutopen config:block.block.messagenooffres config:block.block.museedelamonnaie config:block.block.newsletter config:block.block.paf2018 config:block.block.pagetitle config:block.block.planstrategique20162018 config:block.block.presentationjuridique config:block.block.prixabdoulayefadiga config:block.block.prixabdoulayefadiga2 config:block.block.promotiondebancarisation config:block.block.promotiondebancarisation_2 config:block.block.publicationsperiodiques config:block.block.publicationsperiodiques_2 config:block.block.rapportannuelimbrique config:block.block.rapportssurlapolitiquemonetaire20162017 config:block.block.reglementation config:block.block.reglementation_2 config:block.block.reglementation_3 config:block.block.reseauxsociaux config:block.block.reseauxsociaux_2 config:block.block.semainedelinclusionfinanciere2018 config:block.block.sicastar config:block.block.sicastar_2 config:block.block.siegedelabceao config:block.block.situationdelamicrofinance config:block.block.star_right config:block.block.systemepaiementmenu config:block.block.systemesfinanciersdecentralises config:block.block.tabs config:block.block.views_block__album_photo_block_1 config:block.block.views_block__appels_offres_block_10 config:block.block.views_block__appels_offres_block_11 config:block.block.views_block__appels_offres_block_2 config:block.block.views_block__appels_offres_block_3 config:block.block.views_block__appels_offres_block_8 config:block.block.views_block__appels_offres_block_9 config:block.block.views_block__banner_index_block_1 config:block.block.views_block__bceao_news_block_2 config:block.block.views_block__communique_presse_block_2 config:block.block.views_block__communique_presse_block_3 config:block.block.views_block__communique_presse_block_4 config:block.block.views_block__communique_presse_block_6 config:block.block.views_block__documents_block_1 config:block.block.views_block__etats_membres_block_2 config:block.block.views_block__etats_membres_block_3 config:block.block.views_block__evenements_block_1 config:block.block.views_block__institutions_block_1 config:block.block.views_block__interventions_du_gouverneur_block_1 config:block.block.views_block__interventions_du_gouverneur_block_1_2 config:block.block.views_block__interventions_du_gouverneur_block_1_3 config:block.block.views_block__interventions_du_gouverneur_block_2 config:block.block.views_block__interventions_du_gouverneur_block_3 config:block.block.views_block__publications_block_1 config:block.block.views_block__publications_block_6 config:block.block.views_block__publications_block_7 config:block.block.views_block__reglementations_block_1 config:block.block.views_block__reglementations_block_2 config:block.block.views_block__reunions_block_1 config:block.block.views_block__reunions_block_2 config:block.block.voiraussi config:block.block.vousavezbesoindeplusdinformations config:block_list config:color.theme.medianet config:configurable_language_list config:core.entity_form_display.webform_submission.newsletter.add config:field.storage.node.body config:field.storage.node.field_date config:field.storage.node.field_date_debut config:field.storage.node.field_date_fin config:field.storage.node.field_description config:field.storage.node.field_fichier config:field.storage.node.field_image config:field.storage.node.field_info_banner config:field.storage.node.field_lien config:field.storage.node.field_page_publication config:field.storage.node.field_page_reglementation config:field.storage.node.field_reference config:field.storage.node.field_sub_title config:field.storage.node.field_tags_banner config:field.storage.node.field_theme_offres config:filter.format.basic_html config:filter.format.full_html config:system.menu.footer config:system.menu.main config:system.menu.menu-top config:system.site config:user.role.anonymous config:views.view.appels_offres config:views.view.banner_index config:views.view.bceao_news config:views.view.institutions config:views.view.interventions_du_gouverneur config:views.view.tabs_home config:webform.settings config:webform.webform.contactez_nous config:webform.webform.newsletter file:11506 file:11507 file:11508 file:1459 file:16 file:17 file:18 file:19 file:20 file:21 file:2494 file:26 file:28 file:29 file:32552 file:32877 file:3696 file:3701 file:3812 file:3915 file:3919 file:3920 file:3926 file:3946 file:3947 file:3949 file:4151 file:4156 file:4201 file:435 file:51192 file:520 file:521 file:52810 file:52811 file:54244 file:6045 file:93620 file:93621 file:94001 file:94227 file:94469 file:94488 file:94503 file:94519 file:94538 file:94551 file:94552 file:94556 file:94564 http_response node:1193 node:1242 node:1243 node:1245 node:140 node:2221 node:3068 node:3325 node:57 node:61 node:6309 node:6732 node:7 node:7006 node:7011 node:7013 node:7323 node:7352 node:7401 node:7422 node:7555 node:7739 node:792 node:8 node:8084 node:8102 node:8190 node:8216 node:8408 node:8410 node:8413 node:8419 node:8422 node:8431 node:8433 node:8434 node:8435 node:8438 node:8439 node:8440 node:8451 node:8453 node:8454 node:8455 node:8458 node:8464 node:9 node_list rendered taxonomy_term:100 taxonomy_term:101 taxonomy_term:102 user:0 webform:contactez_nous webform:newsletter
	X-Drupal-Cache-Contexts	cookies:big_pipe_nojs languages:language_content languages:language_interface languages:language_url route session.exists theme timezone url user
	Expires	Sun, 19 Nov 1978 05:00:00 GMT
	Last-Modified	Wed, 15 Oct 2025 17:35:21 GMT
	ETag	"1760549721"
	Vary	Cookie
	X-Generator	Drupal 8 (https://www.drupal.org)
	X-Drupal-Cache	HIT

Miscellaneous
Test date	Thu, 16 Oct 2025 07:08:13 UTC
Test duration	122.424 seconds
HTTP status code	200
HTTP server signature	nginx/1.20.1
Server hostname	srv02bceao.com

SSL Report v2.4.1

Copyright © 2009-2025 Qualys, Inc. All Rights Reserved. Privacy Policy.	Terms and Conditions
Try Qualys for free! Experience the award-winning Qualys Cloud Platform and the entire collection of Qualys Cloud Apps, including certificate security solutions.